Are You an Uber-Hacker? Do You Want to Be Uber-CSI?

What about combining these skills? Since 2006 the Defense Department’s Cyber Crime Center, known as DC3, has held a competition that allows teams or individuals to test themselves against the best.

The event is called the DC3 Challenge. One of the features of this challenge that I like is that the competition has skill levels from novice to developer. The event is open to individuals or teams from around the world. There are openings for high schools, universities and commercial entities.

This is what you will be working on in this competition: file signatures, suspicious software, metadata, passwords, breaking encryption, finding concealed data, and developing new tools, just to name a few.

The sponsors for this event are: the Defense Cyber Crime Center, the computer security organization SANS, the Malaysia-based International Multilateral Partnership Against Cyber Threats, the International Council of Electronic Commerce Consultants, the Johns Hopkins Carey Business School, Cyber Watch, and the United Kingdom Cyber Security Challenge.

There are awards for the following categories: overall, international, U.S. and U.S. academic.

So why not sign up, get a team together, and show that you have the right stuff? Along the way you might even learn something new. For the lucky few, the geniuses of keyboards & circuit-boards, you will develop new tools that will help fight the next generation of cyber criminal.

Computational Intelligence for Security and Defence Applications (CISDA), 2009

Ottawa has a cool conference coming up, the IEEE Symposium: Computational Intelligence for Security and Defence Applications: Detecting and Adapting to Emerging Threats (CISDA), 2009. The symposium runs 8-10 July 2009 here in Ottawa, and it looks like a good lineup of presentations.

* Applied Computational Intelligence in Biometrics
* Military Operational Logistics Modeling and Simulation
* Adaptive Network Security and Management
* Advanced Information Systems, Intelligence Exploration and Utilization, and Computer Architectures for Military and Security Applications
* Complex Systems Engineering: Defence and Security Applications
* Computational Intelligence Techniques for Complex Adaptive Systems in Defence and Security
* Computational Intelligence Systems in Unmanned Aerial Vehicles

I will be attending at least two days and maybe more. I look forward to this opportunity to hobnob with a bunch of super geeks. 🙂

EDIT NOTE (Wed. 17, June, 2009): It is confirmed. I will be attending the full 3 days of this conference. 🙂 Life is good.

Yet Another PHP Security Book

[openbook booknumber=”/b/OL22553066M”]

PHP is one area that really needs work when it comes to security. Its widespread implementation has led to numerous security concerns. In the last year we have seen several books on the topic. I can only hope that those who write PHP will take the time to read what is available, including this book. Too many times have I heard customers/programmers say that security is not their problem… let the Sys. Admins take care of that…. Other PHP books are O’Reilly’s Essential PHP Security by Chris Shiflett and Pro PHP Security by Chris Snyder and Michael Southwell.

Check out the Amazon reviews

New Security Book – Chained Exploits: Advanced Hacking Attacks From Start To Finish

[openbook booknumber=”/b/OL23016471M”]

Just got my hands on this book. To be honest I’m surprised a book like this took so long to make it to print. As a Linux user I chain commands together through something called bash scripting. So why wouldn’t crackers be doing the same thing? Let’s be realistic, most crackers are automating their attacks and they’ve been doing this for a long time. So isn’t chaining various attacks together just good sense? I mean from the perspective of the bad guys.

Check out the Amazon reviews

41st Annual IEEE International Carnahan Conference on Security Technology

Today I took a day off work to attend the 41st Annual IEEE International Conference on Security Technology here in Ottawa. All I could afford was one day out of the 3 and that was more than enough. It is going to take a week for my brain to shrink to its normal small size. I attended the following lectures:

Morning Session

Fake Fingerprint Detection Using Sample Quality Measures
Stephen J. Elliott, Hakil Kim, Matthew R. Young, Shimon Modi – Purdue University, USA

Increasing Security with Correlation-Based Fingerprint Matching
Almudena Lindoso, Luis Entrena, Judith Liu-Jimenez, Enrique San Millán – University Carlos III of Madrid, Spain

Vascular Biometric Systems & Their Security Evaluation
Raul Sanchez-Reillo, Belen Fernandez-Saavedra, Judith Liu-Jimenez, Carmen Sanches-Avila – University Carlos III of Madrid, Spain

Low Cost Multimodal Biometric Identification System Based on Hand Geometry, Palm & Fingerprint Texture
Miguel A Ferrer, Carlos M. Travieso, Jesús B. Alonso – Universidad de Las Palmas de Gran Canaria, Spain

Investigation on the Selection of Filtering Parameters & Number Of Eigenvectors
Thirimachos Bourlai, Josef Kittler, Kieron Messer – University of Surrey, UK

Arbitrary Illumination Conditions for Facial Identification
Carlos M. Travieso, Jesús B Alonso, Miguel A. Ferrer – Universidad de Las Palmas de Gran Canaria, Spain

Robust Biometric Identification Combining Face & Speech
Enric Monte-Moreno, Marcos Faundez-Zanuy – Universitària Politècnica de Mataró (UPC), Spain

Afternoon Sessions

Bacterial Survivability & Transferability on Biometric Devices
Christy Blomeke, Stephen J. Elliott, Thomas Walter, Brandt M. Davis, James E. Tollefson – Purdue University, USA

Smart-Card-Based Face Verification System: Empirical

Spectroscopic Approach for Aliveness Detection in Biometrics Authentication
Davar Pishva – Carnegie Mellon CyLab, Japan

Quantum Wireless Secure Communication Protocol
Tien-Sheng Lin, Sy-Yen Kuo – National Taiwan University, Taiwan

(NO SHOW) Indirect Human Computer Interaction-Based Biometrics for Intrusion Detection Systems
Roman V. Yampolskiy – University at Buffalo, USA

TacNet: Mobile Ad Hoc Secure Communications Network
Loren E. Riblett, James M. Wiseman – Sandia National Laboratories, USA

The most interesting of these were the Fake Fingerprint Detection…, Vascular Biometric Systems…, Bacterial Survivability…, and Smartcard-Based-Face…. It will probably take me a week or two to go through all the conference proceedings. Much of what they dealt with I understood, that is until they dropped into the math. I was probably the only non-PhD in the crowd and one of the few not wearing a suit. LOL. I was also the only one without a company indicated on our big name tags. That became a bit of a topic of conversation among a few of my table mates during the lunch. The joke was that I belonged to one of those un-named organizations. LOL. And if they asked me too many questions I’d make them disappear. I guess they’d never believe that someone would willingly pay out of their own pocket to go to one of these conferences. I guess they are right in this for most people; then again, I’m not most people.

These conferences are by my income standards very expensive. But given the finances I’d go again next year. There is important information that can be gathered at these conferences even if you are not a PhD. It does not take a PhD to see the significance, relevance and interconnectedness of these papers and their broader implications both for business and national governments.